Security Solutions

IT Security Consulting

Strong Authentication

OTP Based Authentication

One of the most common strong authentication solutions involves implementing so-called "One Time Passwords", or OTPs. As the term says, an OTP can only be used once to authenticate. OTPs can be time or event based. Time based OTPs expire after a set amount of time, usually a few minutes.

OTPs are usually numerical and are generated by a device or an application that the end user has, and are used in combination with something that the user knows, like a PIN.

Technologies implementing OTP authentication are very mature and can be integrated with a wide variety of consuming systems, such as network devices, web portals, etc.

Risk Based Authentication

Another approach to implementing strong authentication is so-called Risk Based authentication. A solution assesses the risk of the authentication process by evaluating a number of device and network forensics collected at the point in time that an authentication is attempted. For example, the IP address and location from where the connection is attempted might match a user's pattern, in which case the associated risk might be considered to be low.

While Risk Based authentication might offer a more user-friendly experience when compared to OTP based authentication, it is not suitable for all technologies. In particular, it can't be combined with technologies that don't allow collecting sufficient information to be used for the risk assessment process.

Transaction Signing

Transaction Signing is an extension of the typical strong authentication process, as it usually binds a strong authentication method to specific transactional data. Usually a transaction signature can only be used to authorize a specific transaction, for example a payment for a specific amount to a specific bank account. It would not be possible to authorize a payment to a different account with the same transaction signature.

Transaction Signing can be used for both connected (online) and disconnected (offline) operations, subject to the nature of the transaction to be signed.
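
The binding described above, as an added example that is not part of the original page or of any product it refers to. It assumes a shared per-user key, an HMAC-SHA256 over length-prefixed transaction fields, and an 8-digit code short enough to be typed from an offline device; the key, field names and sample values are constructed for illustration.

```python
import hashlib
import hmac

# Fields covered by the signature (assumed names); order is fixed on both sides.
FIELDS = ("amount", "currency", "dest_account", "challenge")


def canonical(tx: dict) -> bytes:
    """Length-prefix each value so field boundaries cannot be shifted."""
    out = b""
    for name in FIELDS:
        value = str(tx[name]).encode("utf-8")
        out += len(value).to_bytes(2, "big") + value
    return out


def sign_transaction(key: bytes, tx: dict, digits: int = 8) -> str:
    """Derive a short numeric signature bound to this exact transaction."""
    mac = hmac.new(key, canonical(tx), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F  # HOTP-style dynamic truncation
    number = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(number % 10 ** digits).zfill(digits)


def verify_transaction(key: bytes, tx: dict, code: str, used: set) -> bool:
    """Accept a code once, and only for the transaction it was computed over."""
    if tx["challenge"] in used:  # replay of an already authorized transaction
        return False
    expected = sign_transaction(key, tx)
    if not hmac.compare_digest(expected.encode(), code.encode()):
        return False
    used.add(tx["challenge"])
    return True


# Constructed sample data, not real account details.
KEY = b"constructed-demo-key-not-for-production"
TX = {"amount": "250.00", "currency": "EUR",
      "dest_account": "ACCOUNT-A-0001", "challenge": "c-7f3a91"}

if __name__ == "__main__":
    used_challenges = set()
    code = sign_transaction(KEY, TX)
    redirected = dict(TX, dest_account="ACCOUNT-B-0002")
    print("redirected payment accepted:",
          verify_transaction(KEY, redirected, code, used_challenges))
    print("original payment accepted:",
          verify_transaction(KEY, TX, code, used_challenges))
    print("replay accepted:",
          verify_transaction(KEY, TX, code, used_challenges))
```

The server-generated challenge makes each signature single-use, and the same code is rejected when presented with a different destination account.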

Fraud Mitigation

Non-value fraud prevention

Non-value fraudulent activities like fraudulent updates of mailing addresses, phone numbers or other contact details are usually a precursor to fraud that will lead to an actual financial loss.

As such, it is essential to detect and contain attempts at this type of fraudulent activity. Technologies analyzing the typical behavioral pattern of a user's online activities can be deployed in order to detect information updates that are out of step with that pattern.

Financial fraud prevention

Preventing third party financial fraud in order to avoid both financial loss and negative publicity is nowadays a must for all financial institutions. Deploying strong authentication technologies in a consumer environment can both be difficult from a logistical point of view and degrade a customer's experience.

Risk assessing a financial transaction before execution helps in reducing the impact on the customer's experience by ensuring that only transactions deemed to be risky require the customer to provide strong authentication. Additionally, transactions can be stopped based on a number of other criteria (or rules) that can be implemented by a financial institution's anti-fraud team.